I know this is very basic query and may be even naive one. But from the quote below which I read in the readme
developers of the private messaging application Signal https://github.com/signalapp/Signal-Desktop/issues/871 that it was more secure to distribute their application as a versioned and signed package through an application store. They were concerned that self-hosting a web app would put their users at risk if their servers were compromised to serve malicious code.
I am wondering how does discord/slack make their apps secure? I know they must be using integrity attribute on subresource level but with new features in chrome dev tool to override response content and all isnt it more insecure and shouldnt slack/discord recommend to download app instead and decommision web app totally?
Those services have a different threat model because they don't support end-to-end encrypted messaging. Without that feature you can assume your own servers are trustworthy, which Signal does not.
I know this is very basic query and may be even naive one. But from the quote below which I read in the readme
I am wondering how does discord/slack make their apps secure? I know they must be using integrity attribute on subresource level but with new features in chrome dev tool to override response content and all isnt it more insecure and shouldnt slack/discord recommend to download app instead and decommision web app totally?